SIEM: A Market Snapshot

Security Information and Event Management solutions are a combination of the formerly disparate product categories of SIM (security information management) and SEM (security event management). SIEM technology provides real-time analysis of security alerts generated by network hardware and applications. The objective: To help companies respond to attacks faster and organize mountains of log data.

SIEM solutions come as software, appliances or managed services. Increasingly, SIEM solutions are being used to log security data and generate reports for compliance purposes.

Fueled originally by stealthy threats such as worms and more recently by compliance, the SIEM market is projected to grow from about $380 million last year to $873 million in 2010, according to research firm IDC.

RSA Security, the security division of EMC, estimates that the SIEM market is expanding at a rate of between 25 percent and 35 percent annually.

A number of factors are behind the SIEM market's ascent. Here are some:

• SIEM is ideal for compliance and reporting.
• SIEM technology gives a view of internal and external threats.
• SIEM solutions improve operational efficiencies and cut administrative costs.
• The technology is flexible and can be made into a managed service.

In 2006, IBM, Novell and EMC bought their way into the SIEM market, leaving ArcSight, with its Enterprise Security Manager product, as the current market leader.

Network Intelligence, which EMC acquired in September, previously occupied that spot on the strength of its enVision product, used by many MSSPs to deliver SIEM-as-a-service. IBM acquired Consul and Micromuse, and Novell bought e-Security to get into this space. In addition, Attachmate acquired NetIQ.

Although Cisco's MARS appliance is sometimes seen as a SIEM product, solution providers said it focuses mainly on the event management portion of SIEM as opposed to logging data for forensics purposes.

Here's a rundown of other SIEM vendors and their products:

• Check Point - Eventia
• LogLogic - ST and LX appliances
• eIQ Networks - SecureVue
• CA - eTrust Security Command Center
• Symantec - SIM appliance
• SenSage - Enterprise Security Analytics (ESA)
• Q1 Labs - QRadar

SIEM is a complex technology, and the market segment remains in flux. Solution providers getting into the space face the following challenges:

• SIEM solutions require a high level of technical expertise.
• SIEM vendors require extensive partner training and certification.
• Continued market consolidation could break partnerships with SIEM vendors.
• Sales cycles are long and complicated.
• SIEM vendors have been slow in embracing the channel.